[Qgis-psc] [SAC] Osgeo Code signing certificates

Larry Shaffer larrys at dakotacarto.com
Wed Apr 20 03:39:03 PDT 2016 

Hi,

If the OSGeo is considering taking the following stances...

* referring to the industry standard practice of code-signing, which
protects the user from anyone tampering with software they are installing
or have installed, as something that needs a workaround;

* that the default security practices and implementations on major OSes is
somehow evil to their users, and that the users need protected from such
losses of freedom;

* that the OSGeo needs to train users on how to circumvent these default
security protections;

then an anti-reality warp is in effect, which will only hurt users who
actually just want to use the open-source software.

If that is indeed the case, I will personally pay this 'tax' on behalf of
Mac QGIS users' peace of mind (note, I already do). Or, maybe its just not
worth the cost and effort of trying to effect real change against
proprietary geospatial software here in the US until all desktop users
switch to Linux.

Larry Shaffer
Dakota Cartography
Black Hills, South Dakota

On Wed, Apr 20, 2016 at 3:58 AM, Sandro Santilli <strk at keybit.net> wrote:

> On Wed, Apr 20, 2016 at 08:43:51AM +0200, Richard Duivenvoorde wrote:
> > On 20-04-16 07:55, Sandro Santilli wrote:
> > > Could OSGeo take an official position against this reduction of user
> > > freedom when it comes to running an Apple system, and provide hints
> > > to take back ownership of owned machines ?
> >
> > Hi Sandro,
> >
> > How would you see this 'official position'?
> > An article on the osgeo.org frontpage?
>
> Doesn't necessarely need to be on the frontpage, but
> somewhere on the webpage, an article about what code signing
> is, what does it mean for free software, how user can (or cannot)
> determine who they trust and how to (once available) set OSGeo as
> a trusted source.
>
> > > And, as I suggested in another thread, _require_ the payment of a fee
> > > for _downloading_ a signed binary ? The user would then be challenged
> > > to either pay to keep using Gatekeeper or learn to kill it...
> >
> > Well, personally I think that is a good idea: we can make two downloads:
> > - 10 dollar for signed installer
> > - free one (plus docs how to install!) for the unsigned one
> > ( though we need two package processes then :-( )
> > I'll put it on the agenda for next PSC meeting to discuss this
>
> Thanks!
>
> --strk;
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20160420/f9b9caa6/attachment.html>

More information about the Qgis-psc mailing list